The blog post and white paper are quick to the point with a nice refresher on Windows Authentication and a few new tricks about attacking Windows Authentication.

Sometimes too, we forget about the basics. Accessing a Windows resource by IP address will default fallback to NTLM authentication. Similarly a Windows workgroup machine is limited to NTLM authentication.

Matt goes on to make the case about why NTLM authentication is a higher risk... especially important if you are an administrator.